Sunday, August 23, 2015

IT Security Alerts Weekly Digest (16 Aug ~ 22 Aug 2015)

1. Information Updates on Microsoft Security Bulletin (3088903)
[21/08/2015] Microsoft has updated information on the Security Bulletin for Microsoft Internet Explorer. MS15-078 was revised to announce a detection change in the 3087985 update for Internet Explorer.

URL:technet.microsoft.com/en-us/library/security/MS15-093

2. Vulnerability in Apache Tapestry (105794)
[21/08/2015] Vulnerability was identified in the Apache Tapestry. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects versions prior to 5.3.6 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105794

3. Vulnerabilities in Apple QuickTime (HT205046)
[21/08/2015] Vulnerabilities were identified in the Apple QuickTime for Windows 7 and Windows Vista. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 7.7.8 of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.apple.com/en-us/HT205046
URL:www.us-cert.gov/ncas/current-activity/2015/08/20/Apple-Releases-Security-Update-QuickTime

4. Vulnerabilities in Cisco Products
[21/08/2015] Vulnerabilities were identified in the Cisco Prime Infrastructure and Cisco Aggregation Services Routers. An attacker could bypass security restrictions, gain elevated privileges, cause a denial of service condition and crash the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities, except for the Cisco Prime Infrastructure.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=40553
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40585
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105793
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105796

5. Vulnerability in HP-UX (c04735247)
[21/08/2015] Vulnerability was identified in the HP-UX. An attacker could bypass security restrictions and gain elevated privileges. This vulnerability affects versions 11.11, 11.23 and 11.31 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04735247
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105795

6. Vulnerability in EMC Documentum D2 (105797)
[21/08/2015] Vulnerability was identified in the EMC Documentum D2. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects versions prior to 4.5 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105797

7. Vulnerability in Micros DVR Products (VU#276148)
[21/08/2015] Vulnerability was identified in dedicated Micros DVR products, including the DV-IP Express, SD Advanced, SD, EcoSense, and DS2. An attacker could bypass security restrictions, obtain sensitive information and compromise the system. This vulnerability affects multiple versions of the mentioned products.

URL:www.kb.cert.org/vuls/id/276148

8. Vulnerabilities in Drupal (DRUPAL-SA-CORE-2015-003, DRUPAL-SA-CONTRIB-2015-139, DRUPAL-SA-CONTRIB-2015-140, DRUPAL-SA-CONTRIB-2015-141)
[21/08/2015] Vulnerabilities were identified in the Drupal. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code and compromise the system. These vulnerabilities affect versions prior to 6.37 or 7.39 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www.drupal.org/SA-CORE-2015-003
URL:www.drupal.org/node/2553971
URL:www.drupal.org/node/2553977
URL:www.drupal.org/node/2554145
URL:www.us-cert.gov/ncas/current-activity/2015/08/19/Drupal-Releases-Security-Updates
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105755
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105775
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105776
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105777

9. Vulnerability in WP Symposium plugin for WordPress (105780)
[21/08/2015] Vulnerability was identified in the WP Symposium plugin for WordPress. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects version 15.1 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105780

10. Security Updates in Debian (DSA-3341-1)
[21/08/2015] Debian has released security update packages for fixing the vulnerability identified in the conntrack package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.

URL:www.debian.org/security/2015/dsa-3341

11. Security Updates in SUSE (SUSE-SU-2015:1409-1)
[21/08/2015] SUSE has released security update packages for fixing the vulnerability identified in the kvm package of SUSE Linux Enterprise 11. An attacker could bypass security restrictions and execute arbitrary code.

URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html

12. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1646-1, RHSA-2015:1647-1)
[21/08/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the rh-mariadb100-mariadb and mariadb55-mariadb packages for Red Hat Software Collections 2 for Red Hat Enterprise Linux 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-1646.html
URL:rhn.redhat.com/errata/RHSA-2015-1647.html

13. Security Updates in Ubuntu GNU/Linux (USN-2702-3, USN-2702-2)
[21/08/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the firefox and subversion packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2702-3/
URL:www.ubuntu.com/usn/usn-2721-1/

14. Vulnerabilities in IBM WebSphere Application Server (1963275)
[20/08/2015] Vulnerabilities were identified in the IBM WebSphere Application Server. An attacker could bypass security restrictions, obtain sensitive information and gain elevated privileges. These vulnerabilities affect versions 7, 8 and 8.5 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:www-01.ibm.com/support/docview.wss?uid=swg21963275
URL:www.hkcert.org/my_url/en/alert/15082001

15. Vulnerability in Magento Community Edition (105725)
[20/08/2015] Vulnerability was identified in the Magento Community Edition. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects version 1.9.1.0 CE of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105725

16. Vulnerabilities in Django (105728, 105729)
[20/08/2015] Vulnerabilities were identified in the Django. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 1.4.22, 1.7.10 or 1.8.4 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105728
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105729

17. Security Updates in NetBSD (SA2015-007, SA2015-008)
[20/08/2015] NetBSD has released security update packages for fixing the vulnerabilities identified in the openssl packages for multiple versions of NetBSD GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and crash the system.

URL:ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-007.txt.asc
URL:ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc

18. Vulnerability in Microsoft Internet Explorer (MS15-093)
[19/08/2015] Vulnerability was identified in the Microsoft Internet Explorer. An attacker could bypass security restrictions, gain elevated privileges, execute arbitrary code and compromise the system. This vulnerability affects all supported versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:technet.microsoft.com/en-us/library/security/MS15-093
URL:www.hkcert.org/my_url/en/alert/15081901

19. Vulnerability in Adobe LiveCycle Data Services (APSB15-20)
[19/08/2015] Vulnerability was identified in the Adobe LiveCycle Data Services. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:helpx.adobe.com/content/help/en/security/products/livecycleds/apsb15-20.html

20. Vulnerabilities in Cisco Products
[19/08/2015] Vulnerabilities were identified in the Cisco Finesse, Cisco TelePresence Video Communication Server Expressway and Cisco Unified Interaction Manager. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple firmware versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=40436
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40518
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40522
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40523
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40555
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105701
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105702
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105704
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105705
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105706

21. Vulnerability in F5 Products (SOL17047)
[19/08/2015] Vulnerability was identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security and BIG-IQ ADC. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned products. Security patches are available to resolve this vulnerability.

URL:support.f5.com/kb/en-us/solutions/public/17000/000/sol17047.html

22. Vulnerabilities in Trend Micro Products
[19/08/2015] Vulnerabilities were identified in the Trend Micro Deep Discovery. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and perform cross-site scripting attacks. These vulnerabilities affect version 3.8 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:esupport.trendmicro.com/solution/en-US/1112206.aspx
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105698
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105699

23. Vulnerability in FTP Commander (105700)
[19/08/2015] Vulnerability was identified in the FTP Commander. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects version 8.02 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105700

24. Vulnerability in Foxit Software Foxit Reader (105696)
[19/08/2015] Vulnerability was identified in the Foxit Software Foxit Reader. An attacker could bypass security restrictions and execute arbitrary code on the system. This vulnerability affects version 7.1.5 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105696

25. Vulnerability in MASM32 Quick Editor (105678)
[19/08/2015] Vulnerability was identified in the MASM32 Quick Editor. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. This vulnerability affects version 11 of the mentioned product.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105678

26. Vulnerability in PHP (105673)
[19/08/2015] Vulnerability was identified in the PHP. An attacker could bypass security restrictions and obtain sensitive information. This vulnerability affects multiple versions of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105673

27. Security Updates in Oracle Linux (ELSA-2015-1640)
[19/08/2015] Oracle has released security update packages for fixing the vulnerability identified in the pam packages for Oracle Linux 6 and 7. An attacker could bypass security restrictions, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2015-1640.html

28. Security Updates in Debian (DSA-3337-1)
[19/08/2015] Debian has released security update packages for fixing the vulnerability identified in the gdk-pixbuf package for multiple versions of Debian GNU/Linux. An attacker could bypass security restrictions and execute arbitrary code.

URL:www.debian.org/security/2015/dsa-3337

29. Security Updates in FreeBSD (FreeBSD-SA-15:20.expat)
[19/08/2015] FreeBSD has released security update packages for fixing the vulnerability identified in the libbsdxml packages for multiple versions of FreeBSD Linux. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.freebsd.org/security/advisories/FreeBSD-SA-15:20.expat.asc

30. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1640-1, RHSA-2015:1642-1, RHSA-2015:1643-1)
[19/08/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the pam, JBoss Web Server 2.1.0 and kernel packages for Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-1640.html
URL:rhn.redhat.com/errata/RHSA-2015-1642.html
URL:rhn.redhat.com/errata/RHSA-2015-1643.html

31. Security Updates in Ubuntu GNU/Linux (USN-2710-2, USN-2713-1, USN-2714-1, USN-2715-1, USN-2716-1, USN-2717-1, USN-2718-1, USN-2719-1, USN-2720-1)
[19/08/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the openssh, linux, linux-ti-omap4, linux-lts-trusty, linux-lts-utopic, linux-lts-vivid and python-django packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.ubuntu.com/usn/usn-2710-2/
URL:www.ubuntu.com/usn/usn-2713-1/
URL:www.ubuntu.com/usn/usn-2714-1/
URL:www.ubuntu.com/usn/usn-2715-1/
URL:www.ubuntu.com/usn/usn-2716-1/
URL:www.ubuntu.com/usn/usn-2717-1/
URL:www.ubuntu.com/usn/usn-2718-1/
URL:www.ubuntu.com/usn/usn-2719-1/
URL:www.ubuntu.com/usn/usn-2720-1/

32. Vulnerability in Apache ActiveMQ (105644)
[18/08/2015] Vulnerability was identified in the Apache ActiveMQ. An attacker could bypass security restrictions, obtain sensitive information, execute arbitrary code and compromise the system. This vulnerability affects versions prior to 5.12.0 or 5.11.2 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105644

33. Vulnerabilities in Cisco Products
[18/08/2015] Vulnerabilities were identified in the Cisco Prime Infrastructure and Cisco NX-OS Internet Group Management Protocol. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:tools.cisco.com/quickview/bug/CSCut39938
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40470
URL:www.kb.cert.org/vuls/id/300820
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105649

34. Vulnerabilities in F5 Products (SOL17049, SOL17061, SOL17113, SOL17114, SOL17115, SOL17118, SOL17120, SOL17123, SOL17124, SOL17127, SOL17130)
[18/08/2015] Vulnerabilities were identified in the F5 BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM, ARX, Enterprise Manager, FirePass, BIG-IQ Cloud, BIG-IQ Device, BIG-IQ Security, BIG-IQ ADC, LineRate and Traffix SDC. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:support.f5.com/kb/en-us/solutions/public/17000/000/sol17049.html
URL:support.f5.com/kb/en-us/solutions/public/17000/000/sol17061.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17113.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17114.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17115.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17118.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17120.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17123.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17124.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17127.html
URL:support.f5.com/kb/en-us/solutions/public/17000/100/sol17130.html

35. Vulnerability in Huawei Mobile Broadband Product (Huawei-SA-20150817-01-MBB)
[18/08/2015] Vulnerability was identified in the Huawei MBB (Mobile Broadband) product E3272s. An attacker could bypass security restrictions, cause a denial of service condition and crash the system. This vulnerability affects firmware versions prior to E3272s-153TCPU-V200R002B491D09SP00C00 of the mentioned product. Security patches are available to resolve this vulnerability.

URL:www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-450877.htm

36. Vulnerabilities in EMC Products (105650, 105651, 105652, 105653, 105654, 105655, 105656, 105657, 105658, 105659, 105660)
[18/08/2015] Vulnerabilities were identified in the EMC Documentum Content Server and multiple EMC RSA BSAFE products. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products. Security patches are available to resolve these vulnerabilities.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105650
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105651
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105652
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105653
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105654
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105655
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105656
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105657
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105658
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105659
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105660

37. Vulnerability in Google Android (105645)
[18/08/2015] Vulnerability was identified in the Google Android. An attacker could bypass security restrictions and obtain sensitive information. The affected version was not specified.

URL:exchange.xforce.ibmcloud.com/vulnerabilities/105645

38. Security Updates in Oracle Linux (ELSA-2015-1627, ELSA-2015-1628, ELSA-2015-1633, ELSA-2015-1634, ELSA-2015-1635, ELSA-2015-1636)
[18/08/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the glibc, mysql55-mysql, subversion, sqlite and net-snmp packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:linux.oracle.com/errata/ELSA-2015-1627.html
URL:linux.oracle.com/errata/ELSA-2015-1628.html
URL:linux.oracle.com/errata/ELSA-2015-1633.html
URL:linux.oracle.com/errata/ELSA-2015-1634.html
URL:linux.oracle.com/errata/ELSA-2015-1635.html
URL:linux.oracle.com/errata/ELSA-2015-1636.html

39. Security Updates in Debian (DSA-3336-1)
[18/08/2015] Debian has released security update packages for fixing the vulnerabilities identified in the nss package for multiple versions of Debian GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information and perform spoofing attacks.

URL:www.debian.org/security/2015/dsa-3336

40. Security Updates in Mageia (MGASA-2015-0315)
[18/08/2015] Mageia has released security update packages for fixing the vulnerability identified in the kdepim4 packages for multiple versions of Mageia. An attacker could bypass security restrictions and obtain sensitive information.

URL:advisories.mageia.org/MGASA-2015-0315.html

41. Security Updates in Red Hat Enterprise Linux (RHSA-2015:1627-1, RHSA-2015:1628-1, RHSA-2015:1629-1, RHSA-2015:1630-1, RHSA-2015:1633-1, RHSA-2015:1634-1, RHSA-2015:1635-1, RHSA-2015:1636-1)
[18/08/2015] Red Hat has released security update packages for fixing the vulnerabilities identified in the glibc, mysql55-mysql, rh-mysql56-mysql, subversion, sqlite and net-snmp packages for Red Hat Software Collections 2, Red Hat Enterprise Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:rhn.redhat.com/errata/RHSA-2015-1627.html
URL:rhn.redhat.com/errata/RHSA-2015-1628.html
URL:rhn.redhat.com/errata/RHSA-2015-1629.html
URL:rhn.redhat.com/errata/RHSA-2015-1630.html
URL:rhn.redhat.com/errata/RHSA-2015-1633.html
URL:rhn.redhat.com/errata/RHSA-2015-1634.html
URL:rhn.redhat.com/errata/RHSA-2015-1635.html
URL:rhn.redhat.com/errata/RHSA-2015-1636.html

42. Security Updates in Ubuntu GNU/Linux (USN-2711-1)
[18/08/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the net-snmp packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:www.ubuntu.com/usn/usn-2711-1/

43. Vulnerabilities in Cisco Products
[17/08/2015] Vulnerabilities were identified in the Cisco ASR 9000 Series Aggregation Services Routers, Cisco Nexus 3000 Series Switches, Cisco WebEx Node for Cisco Media Convergence Server, Cisco Unified Interaction Manager, Cisco Nexus 9000 Series Switches, Cisco FireSIGHT Management Center, Cisco TelePresence Video Communication Server, Cisco Edge 340 Series Digital Media Player, Cisco Adaptive Security Appliance, Cisco Content Security Management Appliance, Cisco Nexus Operating System Address Resolution Protocol and Cisco Unified Communications Manager. An attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system. These vulnerabilities affect multiple versions of the mentioned products.

URL:tools.cisco.com/security/center/viewAlert.x?alertId=39939
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40426
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40427
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40428
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40429
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40431
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40432
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40433
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40434
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40439
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40440
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40441
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40442
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40443
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40444
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40445
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40446
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40450
URL:tools.cisco.com/security/center/viewAlert.x?alertId=40469
URL:exchange.xforce.ibmcloud.com/vulnerabilities/105593

44. Vulnerabilities in Trend Micro OfficeScan
[17/08/2015] Vulnerabilities were identified in the Trend Micro OfficeScan 11. An attacker could bypass security restrictions, obtain sensitive information, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 11.0 Service Pack 1 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:docs.trendmicro.com/all/ent/officescan/v11.0/en-us/osce_11.0_sp1_cp_server_readme.htm#resolved
URL:downloadcenter.trendmicro.com/index.php?regs=NABU&clk=tbl&clkval=4569&cm_mmc=RSS-_-Download%20Center-_-product-_-5

45. Vulnerabilities in OSIsoft PI Data Archive Server (ICSA-15-225-01)
[17/08/2015] Vulnerabilities were identified in the OSIsoft PI Data Archive Server. An attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system. These vulnerabilities affect versions prior to 3.4.3950.64 of the mentioned product. Security patches are available to resolve these vulnerabilities.

URL:ics-cert.us-cert.gov/advisories/ICSA-15-225-01

46. Security Updates in Oracle Linux (ELSA-2015-1623, ELSA-2015-3071, ELSA-2015-3072, ELSA-2015-3073)
[17/08/2015] Oracle has released security update packages for fixing the vulnerabilities identified in the kernel and kernel-uek packages for Oracle Linux 5, 6 and 7. Due to multiple errors, an attacker could bypass security restrictions, execute arbitrary code, cause a denial of service condition and crash the system.

URL:linux.oracle.com/errata/ELSA-2015-1623.html
URL:linux.oracle.com/errata/ELSA-2015-3071.html
URL:linux.oracle.com/errata/ELSA-2015-3072.html
URL:linux.oracle.com/errata/ELSA-2015-3073.html

47. Security Updates in Gentoo Linux (GLSA 201508-01, GLSA 201508-02, GLSA 201508-03)
[17/08/2015] Gentoo has released security update packages for fixing the vulnerabilities identified in the adobe-flash, libgadu and icecast packages for multiple versions of Gentoo Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:security.gentoo.org/glsa/201508-01
URL:security.gentoo.org/glsa/201508-02
URL:security.gentoo.org/glsa/201508-03

48. Security Updates in Mageia (MGASA-2015-0304, MGASA-2015-0305, MGASA-2015-0306, MGASA-2015-0307, MGASA-2015-0308, MGASA-2015-0309, MGASA-2015-0310, MGASA-2015-0311, MGASA-2015-0312, MGASA-2015-0313, MGASA-2015-0314)
[17/08/2015] Mageia has released security update packages for fixing the vulnerabilities identified in the lxc, firefox, firefox-l10n, cacti, libunwind, ghostscript, wordpress, qemu, flash-player-plugin, rootcerts, nss, gdk-pixbuf2.0 and owncloud packages for multiple versions of Mageia. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:advisories.mageia.org/MGASA-2015-0304.html
URL:advisories.mageia.org/MGASA-2015-0305.html
URL:advisories.mageia.org/MGASA-2015-0306.html
URL:advisories.mageia.org/MGASA-2015-0307.html
URL:advisories.mageia.org/MGASA-2015-0308.html
URL:advisories.mageia.org/MGASA-2015-0309.html
URL:advisories.mageia.org/MGASA-2015-0310.html
URL:advisories.mageia.org/MGASA-2015-0311.html
URL:advisories.mageia.org/MGASA-2015-0312.html
URL:advisories.mageia.org/MGASA-2015-0313.html
URL:advisories.mageia.org/MGASA-2015-0314.html

49. Security Updates in Slackware (SSA:2015-226-01, SSA:2015-226-02)
[17/08/2015] Slackware has released security update packages for fixing the vulnerabilities identified in the mozilla-firefox and mozilla-thunderbird packages for multiple versions of Slackware Linux. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.312024
URL:www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.360362

50. Security Updates in SUSE (openSUSE-SU-2015:1382-1, openSUSE-SU-2015:1387-1, openSUSE-SU-2015:1388-1, openSUSE-SU-2015:1389-1, openSUSE-SU-2015:1390-1, openSUSE-SU-2015:1391-1)
[17/08/2015] SUSE has released security update packages for fixing the vulnerabilities identified in the Linux Kernel, glibc, flash-player and MozillaFirefox packages of openSUSE 13.1 and 13.2. Due to multiple errors, an attacker could bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, cause a denial of service condition and compromise the system.

URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00013.html
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
URL:lists.opensuse.org/opensuse-security-announce/2015-08/msg00016.html

51. Security Updates in Ubuntu GNU/Linux (USN-2709-1, USN-2710-1)
[17/08/2015] Ubuntu has released security update packages for fixing the vulnerabilities identified in the pollinate and openssh packages for versions 12.04 LTS, 14.04 LTS and 15.04 of Ubuntu GNU/Linux. Due to multiple errors, an attacker could bypass security restrictions, perform brute-force password attacks and obtain sensitive information.

URL:www.ubuntu.com/usn/usn-2709-1/
URL:www.ubuntu.com/usn/usn-2710-1/

Source(s) of above information: Adobe, Apple, CERT/CC, Cisco, Debian, Drupal, F5, FreeBSD, HKCERT, Huawei, IBM, IBM ISS, Mageia, Microsoft, NetBSD, openSUSE, Oracle, Red Hat, Slackware, Trend Micro, Ubuntu, US-CERT
